Answering your question is difficult as you have provided very little information. I will explain the steps that I go thru when reviewing traffic and deciding if a source should be blocked. This is the classic What, Who, and When type of analysis.
STEP 1: WHAT
Do you understand what the request is? How often is the request being made to your server? Is this request causing your server or service a problem or are you just annoyed by it?
wc-ajax=get_variation is a request for product variations for WooCommerce. This may or may not be a good request. This could simply be a bot that is indexing products for your website. You will have to decide.
STEP 2: WHO
Did you investigate who the source is? A Reverse DNS Lookup sometimes provides meaningful information. Also, do a curl to that IP address. If there is no website there, probably a bot or bad actor.
An IP address that is owned by Google does not mean that Google is attacking you. Google provides services to other companies/people. Your server is public, expect all kinds of XXX from all kinds of sources.
This IP address 35.196.208.182 resolves to googleusercontent.com. This means a service provided by Google. This could be Google Cloud but not Google itself.
STEP 3: WHEN
What time of the day are these requests arriving? How frequently: once per minute, once per hour, etc.? Well behaved bots will not overload your sites with requests. In your question, you show 11,454 requests. That seems high (as in bad bot), but you do not show the time period for these requests.
Recommendations
Your server is public. You will pull your hair out blocking IP addresses. Hackers and bad bots frequently change their IP addresses or service locations. This means that an IP address that you block today, might be for a real customer tomorrow or next month.
Install an intelligent WAF (firewall) that automatically detects and blocks traffic like this. Set the block duration low as in 24 hours after XX requests have arrived in 5 minutes or 8 hours or whatever you decide.
